Container Escape in Bitbucket Pipelines Kata Containers
tl;dr Uses a known docker breakout to escape into the wrapping VM, then by replacing a logfile with a symlink you could post to locations on the host machine.
Vulnerabilities (Page 59)
Allow arbitrary URLs, expect arbitrary code execution
Just an overview of how opening links is broken if you don’t check the schema and let the OS deal with it.